OPTIM: tcpcheck: Don't set SNI and ALPN for non-ssl connections

There is no reason to set the SNI and ALPN for non-ssl connections. It is
not really an issue because ssl_sock_set_servername() and
ssl_sock_set_alpn() functions will do nothing. But it is cleaner this way
and this could avoid bugs in future.

No backport needed, because there is no bug.

diff --git a/src/tcpcheck.c b/src/tcpcheck.c
index beec75e73695270fedeb91c2a44163f53f56a994..a9dffeae0ccb60c57b422513fb578a6a465e6853 100644 (file)
--- a/src/tcpcheck.c
+++ b/src/tcpcheck.c
@@ -1426,15 +1426,17 @@ enum tcpcheck_eval_ret tcpcheck_eval_connect(struct check *check, struct tcpchec
        conn->ctx = check->sc;
 
 #ifdef USE_OPENSSL
-       if (connect->sni)
-               ssl_sock_set_servername(conn, connect->sni);
-       else if ((connect->options & TCPCHK_OPT_DEFAULT_CONNECT) && s && s->check.sni)
-               ssl_sock_set_servername(conn, s->check.sni);
-
-       if (connect->alpn)
-               ssl_sock_set_alpn(conn, (unsigned char *)connect->alpn, connect->alpn_len);
-       else if ((connect->options & TCPCHK_OPT_DEFAULT_CONNECT) && s && s->check.alpn_str)
-               ssl_sock_set_alpn(conn, (unsigned char *)s->check.alpn_str, s->check.alpn_len);
+       if (conn_is_ssl(conn)) {
+               if (connect->sni)
+                       ssl_sock_set_servername(conn, connect->sni);
+               else if ((connect->options & TCPCHK_OPT_DEFAULT_CONNECT) && s && s->check.sni)
+                       ssl_sock_set_servername(conn, s->check.sni);
+
+               if (connect->alpn)
+                       ssl_sock_set_alpn(conn, (unsigned char *)connect->alpn, connect->alpn_len);
+               else if ((connect->options & TCPCHK_OPT_DEFAULT_CONNECT) && s && s->check.alpn_str)
+                       ssl_sock_set_alpn(conn, (unsigned char *)s->check.alpn_str, s->check.alpn_len);
+       }
 #endif
 
        if (conn_ctrl_ready(conn) && (connect->options & TCPCHK_OPT_LINGER) && !(conn->flags & CO_FL_FDLESS)) {